thesis/3_rasta/9_conclusion.typ
Jean-Marie Mineau 25c79da4f9
factorize pb stat
2025-08-17 00:22:26 +02:00

34 lines
2.3 KiB
Typst

#import "@local/template-thesis-matisse:0.0.1": etal
#import "../lib.typ": todo, jfl-note
#import "../lib.typ": pb1, pb1-text, APKs, SDK, highlight-block
#import "X_var.typ": *
== Conclusion <sec:rasta-conclusion>
Since the release of Android, many tools have been published in order to analyse Android applications.
In @sec:bg, we went through contributions benchmarking and comparing some of those tools.
Those contributions suggested that analysing real-world applications might be more of a challenge than expected.
This led us to question the reusability of those tools (#pb1).
This chapter has assessed the suggested results of the literature~@luoTaintBenchAutomaticRealworld2022 @pauckAndroidTaintAnalysis2018 @reaves_droid_2016 about the reliability of static analysis tools for Android applications.
With a dataset of #NBTOTALSTRING applications, we established that #resultunusable of #nbtoolsselectedvariations tools are not reusable.
2 of those were due to the fact that we did not manage to use the tools, even with the help of the author.
We consider the 10 other tools to be unusable due to the fact that they fail to finish their analysis more than 50% of the time.
In total, the analysis success rate of the tools that we could run for the entire dataset is #resultratio.
The characteristics that have the most influence on the success rate are the bytecode size and the min #SDK version.
Finally, we showed that malware #APKs generate fewer fatal errors than goodware when analysed.
Following Reaves #etal recommendations~@reaves_droid_2016, we publish the Docker and Singularity images we built to run our experiments alongside the Docker files.
This will allow the research community to use the tools directly without the build and installation penalty.
#v(1.5em)
#align(center, highlight-block(inset: 15pt, width: 75%, breakable: false, block(align(left)[
#pb1: #pb1-text
#v(0.75em)
More than half the tools we selected were not usable.
In some cases, it was due to our inability to set up the tool correctly.
Mostly, it was due to the high failure rate when analysing real-world applications.
Results show that large applications cause more crashes, as do applications with a higher min #SDK target.
Goodware also appears to generate more analysis failures than malware.
])))